IN THE CLAIMS : 

Please amend claims 1-12, and add new claims 13-28, as follows. 

1 . (Currently Amended) A method for controlling transfer of data between a 
service provider and a user in a communication system where the service provider 
possesses a privacy policy, the method comprising the steps of : 

introducing to a broker a usage policy for constraints related to data of a user; 
receiving a request for data associated with the user from a service provider to the 
broker; 

checking, in the broker, the request against a usage policy of the user r ^and 
deciding tf- whether the data can be released;. 

wherein the privacy policy and the usage policy specify a strictness level selected 
from a defined set of strictness levels, describing the constraints related to the access of 
data, t 

2. (Currently Amended) A method according to The method of claim 1, further 
comprising: the step of 

using the user to define the usage policy for the constraints related to the data. 

3. (Currently Amended) A method according to The method of claim 1 , further 
comprising; the step of 

providing the broker with a predefined set of privacy policies and usage policies. 
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4. (Currently Amended) A method acoording to The method of claim 3, wherein 
the providing step-comprises providing the privacy policies and the usage policies 
comprising similar information elements. 

5. (Currently Amended) A method according to The method of claim 3, wherein 
the providing step-comprises providing at least one of the privacy policies and at least 
one of the usage policies which specify a strictness level describing the constraints 
related to the data. 

6. (Currently Amended) A method according to The method of claim 3, further 
comprising^ th e st e p of 

using the user to choose the usage policies for the constraints related to the data. 

7. (Currently Amended) A m e thod according to The method of claim 5, further 
comprising; the step of 

releasing user data if -when the at least one of the privacy policies of the service 
provider matches with the specified strictness level of the at least one of the usage 
policies of the user. 



8. (Currently Amended) A method according to The method of claim 5, further 
comprising: th e st e p of 

indicating, by the broker, the strictness level of the at least one of the usage 
policies of the user to the service provider if -when the at least one of the privacy policies 
of the service provider does not match with the specified strictness level of the at least 
one of the usage policies of the user. 

9. (Currently Amended) A method according to The method of claim 5, further 
comprising: th e st e p of 

allowing the user to reduce a usage policy requirement if -when the at least one of 
the privacy policies of the service provider does not match with the specified strictness 
level of the at least one of the usage policies of the user. 

10. (Currently Amended) A method according to The method of claim h further 
comprising: the step of 

attaching an electronically signed usage policy to the data when the data is 
released. 

1 1 . (Currently Amended) A data transfer system comprising: 
a service provider possessing a privacy policy; and 



a broker hosting a usage policy for constraints related to data of a user, configured 
fer-to checking a request from the service provider against the usage policy of the user 
and for deciding to decide ^whether data associated with the user can be released in 
response to the request. 

12. (Currently Amended) A data transfer system, comprising: 

introducing means for introducing to a broker a usage policy for constraints related 
to data of a user; 

receiving means for receiving a request for data associated with the user from a 
service provider to the broker; 

checking means for checking, in the broker, the request against a usage policy of 
the user; and 

deciding means for deciding ^ whether the data can be released. 

13. (New) A device, configured to: 

receive a request for data associated with a user from a service provider; 
check the request against a usage policy of the user; and 
decide whether the data can be released. 
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14. (New) The device of claim 13, further configured to: 

release user data when at least one privacy policy of the service provider matches 
with a specified strictness level of the usage policy of the user. 

15. (New) The device of claim 13, further configured to: 

indicate the strictness level of the at least one of the usage policies of the user to 
the service provider when the at least one of the privacy policies of the service provider 
does not match with the specified strictness level of the at least one of the usage policies 
of the user. 

16. (New) The device of claim 13, further configured to: 

allow the user to reduce a usage policy requirement when the at least one of the 
privacy policies of the service provider does not match with the specified strictness level 
of the at least one of the usage policies of the user. 

17. (New) The device of claim 13, further configured to: 

attach an electronically signed usage policy to the data when the data is released. 

18. (New) A device, comprising: 

receiving means for receiving a request for data associated with a user from a 
service provider; 
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checking means for checking the request against a usage policy of the user; and 
deciding means for deciding whether the data can be released. 

19. (New) A computer-readable medium having computer-executable 
components for controlling transfer of data between a service provider and a user in a 
communication system where the service provider possesses a privacy policy, the 
components arranged for: 

receiving a usage policy for constraints related to data of a user; 
receiving a request for data associated with the user from a service provider; 
checking the request against a usage policy of the user; and 
deciding whether the data can be released; 

wherein the privacy policy and the usage policy specify a strictness level, selected 
from a defined set of strictness levels, describing the constraints related to the access of 
data. 

20. (New) The medium of claim 19, wherein the components are arranged for: 
the user defining the usage policy for the constraints related to the data. 

21. (New) The medium of claim 19, wherein the components are arranged for: 
receiving a predefined set of privacy policies and usage policies. 
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22. (New) The medium of claim 21, wherein the receiving the predefined set 
comprises receiving the privacy policies and the usage policies comprising similar 
information elements. 

23. (New) The medium of claim 21, wherein the receiving the predefined set 
comprises receiving at least one of the privacy policies and at least one of the usage 
policies which specify a strictness level describing the constraints related to the data. 

24. (New) The medium of claim 21, wherein the components are arranged for: 
the user choosing the usage policies for the constraints related to the data. 

25. (New) The medium of claim 23, wherein the components are arranged for: 
releasing user data when the at least one of the privacy policies of the service 

provider matches with the specified strictness level of the at least one of the usage 
policies of the user. 

26. (New) The medium of claim 23, wherein the components are arranged for: 
indicating the strictness level of the at least one of the usage policies of the user to 

the service provider when the at least one of the privacy policies of the service provider 
does not match with the specified strictness level of the at least one of the usage policies 
of the user. 
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27. (New) The medium of claim 23, wherein the components are arranged for: 
allowing the user to reduce a usage policy requirement when the at least one of the 

privacy policies of the service provider does not match with the specified strictness level 
of the at least one of the usage policies of the user. 

28. (New) The medium of claim 19, wherein the components are arranged for: 
attaching an electronically signed usage policy to the data when the data is 

released. 
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